Wednesday, December 29, 2010

Security Testing - CSS or XSS

Cross Site Scripting (also known as XSS, or sometimes CSS) is one of the most common security tests performed on web applications. Recently it was carried out on our application, and we certified our AUT (application under test) against XSS.

Generally, hackers try to embed a malicious script into a vulnerable dynamic web application. When that script executes in a victim's browser, the hacker can steal data. XSS might be used to compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on end-user systems.

To avoid cross site scripting vulnerabilities, the application should HTML-encode the content it outputs, and it should not accept any URL or data that contains <script or its URL-encoded form %3C%2Fscript.
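The two controls described above, as an added example (not code from the original post or from the author's application): the first function HTML-encodes untrusted text before it is written into a page, the second rejects a URL or parameter that contains <script or </script in raw or percent-encoded form, and render_comment shows the encoded output that a page would actually emit. The function names and the sample comment strings are constructed for this illustration.

```python
import html
from urllib.parse import unquote


def encode_for_html(value: str) -> str:
    """Encode untrusted text for placement inside an HTML element body or a
    quoted attribute: < > & " ' become entities, so the browser renders them
    as characters instead of interpreting them as markup."""
    return html.escape(value, quote=True)


def fully_url_decode(value: str, max_rounds: int = 3) -> str:
    """Undo percent-encoding until the value stops changing, so that
    %3C%2Fscript (and a double-encoded %253C%252Fscript) are both reduced
    to the literal </script before the check below runs."""
    current = value
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def contains_script_tag(value: str) -> bool:
    """Reject a URL or parameter that contains an opening or closing script
    tag in raw or percent-encoded form. The comparison is case-insensitive
    because HTML tag names are case-insensitive."""
    decoded = fully_url_decode(value).lower()
    return "<script" in decoded or "</script" in decoded


def render_comment(author: str, body: str) -> str:
    """Build the HTML fragment a page would emit for a user-supplied comment.
    Every untrusted value passes through encode_for_html, so a script tag in
    the input appears on the page as visible text, not as executable markup."""
    return (
        '<div class="comment">'
        f'<span class="author">{encode_for_html(author)}</span>: '
        f"{encode_for_html(body)}"
        "</div>"
    )


# Constructed sample inputs (not from the original post): one benign comment
# and two that carry the patterns the post says must be rejected.
SAMPLE_INPUTS = {
    "benign": "Nice article, thanks!",
    "raw_tag": "<script>alert(1)</script>",
    "encoded_tag": "%3Cscript%3Ealert(1)%3C%2Fscript%3E",
}


def check_samples() -> dict:
    """Run every sample through both controls and report the outcome."""
    results = {}
    for name, value in SAMPLE_INPUTS.items():
        results[name] = {
            "rejected": contains_script_tag(value),
            "rendered": render_comment("tester", value),
        }
    return results


if __name__ == "__main__":
    for name, outcome in check_samples().items():
        print(f"{name:12s} rejected={outcome['rejected']!s:5s} {outcome['rendered']}")
```

Running the script prints one line per sample; the two script-bearing samples are flagged as rejected, and even the benign path shows that whatever reaches render_comment is emitted with < and > turned into entities. Encoding is the control that neutralizes the payload; the pattern check only matches the strings the post names and is a secondary filter, so it must be decoded before matching (as fully_url_decode does) rather than compared against the raw URL.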

Many tools are available on the web to test for this. I used a freeware tool called WebScarab. You can also go through the following links to learn more about XSS.

Cross Site Scripting Definition - Wiki
Cross site Scripting FAQ
Sample Videos from Microsoft
